Subscribe to this blog

Follow by Email

Search This Blog

Pages

Proof of Social Network Identity: a proof of concept

One of the main criticisms to blockchain technology is based on the huge consumption of electricity required by the biggest networks (e.g., Bitcoin and Ethereum).
That huge electric power consumption comes from using Proof of Work (PoW) algorithms to prevent "double spending" which is closely related to the "51% attack".

Some other types of algorithm have been developed as an alternative to PoW, the more popular one being Proof of Stake (PoS), which basically implies that individuals with higher stake (i.e., more crypto money) have more power (i.e., are more trusted) than the rest.
Hence, PoS, creates an entry barrier for those who want to become members of the blockchain network, since one needs to own a stake in order to join the network.

The key to prevent "double spending / 51% attacks" is to use something in the block validation mechanism which is complicated or expensive enough for some malicious actor to replicate or to clone or to create (whatever you call it) in order to gain control of the network.

In PoW that something is computer power (which requires electricity power)

In PoS that something is a cryptocurrency.

But maybe there is something else which one could use to create a secure-enough blockchain network, even if it meant compromising on some other feature of the current blockchain networks.

Let me elaborate a little, I read somewhere that the main features of the blockchain are:

- Integrity (via hashing)

- Authenticity (via signing)

- Confidentiality (via encryption)

Those three points above are an oversimplification, but it will work for the purpose of this post.

I would split down the last point in the following two points:

- Confidentiality of the one who submits a transaction

- Confidentiality of the one who validates a transaction (a.k.a. miner)

Arguably, the first type of confidentiality is much more important than the second one.

In fact, it is currently quite easy to identify who are the validators (a.k.a. miners in PoW) in Bitcoin for example, simply because mining requires such a huge investment in computers and electricity that miners stand out and are easy to find, and also there are publicly-advertised mining pools whose solely purpose is to share the mining costs.
So in general, people do not really care about the validators' identity.

The identity of who submits a transaction, or more broadly, the identity of anyone who owns a blockchain address is a big issue though, and it should not be possible to obtain that information from the blockchain network.

Now this is my proposal: what if by giving away the current not-so-effective protection of the validators identities we could implement a new type of algorithm which would not require huge computing power and neither the ownership of any stake in order to participate in a blockchain network?

It occurred to me that we could use social networks (Twitter, Facebook, LinkedIn, StackOverflow, Github, etc...) for this.

More specifically, we could use the verified social networks accounts together with the power of the Open Web APIs which most of them provide in order to prevent double spending and 51% attacks.

Think about it, the social networks have made a lot of progress in order to prevent abuse and misuse.
Of course you can still create fake accounts in social networks, but in order to be verified you would need more than just an email account, you will also need a working mobile telephone number.
And this new type of algorithm (let's call it Proof of Social Network Identity, since just Proof of Identity has been used in the past to refer to other stuff) can implement tougher requirements in order to increase the security, for example:
"In order to be a validator, you need to own a Twitter account which is more than a year old, and it must have 10 or more followers"

Another example:
"In order to be a validator, you need to own a Twitter account which is more than a year old, and it has 10 or more direct followers and 50 or more secondary followers (followers of your followers) and you must also own a Stackoverflow account with more than 10 points of reputation"

Social network accounts which meet those requirements are not easy to obtain nor fake.
And if the blockchain network is big enough, one malicious actor would need to be able to create thousands of them to be able to succeed or alternatively hack into and take control of Twitter, Facebook, etc...

So the possibilities are endless. What requirements to choose? Well, it is a compromise between ease of access to the network versus security of the network...
One could just start with low requirements and then while using the network (through experimentation and trial and error) those requirements may be increased if deemed necessary.

Since I am a hands-on person, I decided to build a proof of concept based on this new Proof of Social Network Identity (PoSNI) and I called it Social Ledger.

I did not build it from scratch though, one of the main beauties of open source code is that anyone can reuse an existing project, and that is exactly what I have done.

Initially I thought of forking the Go Ethereum client repository, but since I have no experience with Go programming language, then I decided to use Harmony (which is in turn based on EthereumJ) which is an implementation of the Ethereum client in Java.

Ok, so how does it work?
To start the validator (or miner, even though we do not really mine anything), you need to have a Twitter account with an app associated to it.
If you do not know how to create an app in Twitter, you may follow the instructions in the following Youtube video.

Whenever a new block containing new transactions is created, the Twitter username of the miner node which is creating that block is included in one of the block fields (the extradata field), and also, the hashcode of that block is tweeted by that same Twitter account using the Twitter public Web API. Then the block is broadcasted to the network.

Whenever a validator receives a block for the network, on top of all the regular Ethereum-standard checks, it will:
1.- Get the Twitter username of the node which created/mined that block from the extradata block field value.
2.- Look for a tweet containing the hashcode of the block whose author is that same Twitter account

Such tweets look like these ones:

Also, the same miner (i.e., the same Twitter account) is not allowed to mine/create two blocks in a row.
And if there are two competing blocks, the one whose Twitter account has been longer without creating a block, will have preference.

This is quite a lot of information to digest, so I would recommend you to just download the Social Ledger distribution zip file, install it, configure it and run it (so far only on Linux computers, I have not tested it on Mac and to make it work on Windows it would require to write the equivalent Windows start script) as per the instructions in this post or this Youtube video.

I have an Amazon Lightsail VM running 24x7 so your local node should be able to join the network.
The testing which I have performed so far is minimal (just three nodes) so I am not sure what will happen once more nodes join the network but if I see there is enough interest, I may work on make the current implementation more robust and escalable or I may create a new implementation of the Proof of Social Network Identity (PoSNI) algorithm using a more flexible blockchain platform such as Hyperledger or Corda (or something else).

Comments

Post a Comment

Popular posts from this blog

I have been interested in the shared/distributed ledger technology (a.k.a. block chain, a.k.a. the magic behind cryptocurrencies) for more than a year already but recently I had finally put real time and effort into it.

And since I believe that the best way to understand something is to get your hands dirty, that is what I have done, after I got a grasp of the core principles (or that is what I thought back then), I decided to code my own shared ledger simulator.

Initially, I also considered to look into the main existing code bases (e.g., the source code of the main/official Bitcoin client/miner or Ethereum's) since they are open source, but seeing code like thisput me off... That file is 3229 lines big!!! Plus it is written in C++.Do not get me wrong, I truly believe Satoshi Nakamoto (i.e., whoever hides behind that name) is a genius and also a great software developer, but he/she/they for sure did not have readability as their main priority.

Update from Thursday September 14th 2017: The
very same day I posted this (the day before yesterday), I realized that it looked like Google had just
made it effectively obsolete

I thought that at least I could claim that I chose a very demanded functionality to blog about, since Google decided to add a new API to provide this very same service. Even the names are quite similar, I called it "SMS Verifier" and they call it "SMS Retriever". But after looking into this new Google Services API, I found out that it requires to use a paid third-party service such as Twilio... very disappointing!So my original post (which follows below) is still relevant after all, since it allows you to verify the user's phone number for free.

Original post: Tuesday September 12th 2017It was about time for me to give back to the open source community, so I have just pushed the complete (working) code to verify the user's phone number from within an Android app to Github.

TL;DR: After being disrespected multiple times as customer by Smartwings airlines over the years, now I can finally have my little revenge by claiming 400 euros for a delayed flight. The airline sent me an insincere and pathetic apologetic email message. Apology not accepted.I have been a regular customer of Smartwings airlines for quite a long time already.It was not by choice. The reason I fly with them is because it is the only airline which flies directly from Prague (where I live) to Valencia (my hometown).Although I appreciate that they include 15 kg of check-in luggage at no extra charge, the ticket prices are quite high compared to other low-cost airlines (Wizzair and Ryanair, for example).

Also, they do not seem to care much about their customers. Several times they cancelled a flight just few days before the departure date due to "operational reasons". It would seem to me that the real reason was that they did not sale as many tickets for that flight as they expecte…